Check if username confirms to Entity regex

Explicit not done for the TSV to keep the old behaviour. We should check if this regex can be shared globally and used in the assertions on the Entity and through the different API endpoints for constraints.
DOMjudge · Sep 29, 2023 · 207239c · 207239c
1 parent 0c5bf5e
commit 207239c
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/webapp/src/Service/ImportExportService.php b/webapp/src/Service/ImportExportService.php
@@ -877,6 +877,14 @@ public function importAccountsJson(array $data, ?string &$message = null, ?array
             $juryTeam = null;
             $roles    = [];
             $type     = $account['type'];
+            $username = $account['username'];
+
+            $icpcRegex = "/^[a-zA-Z0-9@._-]+$/";
+            if (!preg_match($icpcRegex, $username)) {
+                $message = sprintf('Username "%s" should follow regex pattern: %s', $username, $icpcRegex);
+                return -1;
+            }
+
             // Special case for the World Finals, if the username is CDS we limit the access.
             // The user can see what every admin can see, but can not log in via the UI.
             if (isset($account['username']) && $account['username'] === 'cds') {
@@ -909,7 +917,7 @@ public function importAccountsJson(array $data, ?string &$message = null, ?array
                 'user' => [
                     'name'           => $account['name'] ?? null,
                     'externalid'     => $account['id'] ?? $account['username'],
-                    'username'       => $account['username'],
+                    'username'       => $username,
                     'plain_password' => $account['password'] ?? null,
                     'teamid'         => $account['team_id'] ?? null,
                     'user_roles'     => $roles,